I confirmed with a colleague at Google: It was a false positive, that address is a legitimate Google server.
DNSchanger, at least the famous attack along those lines, did not change Google but changed google analytics (www.google-analytics.com) and Doubleclick (ad.doubleclick.net) in order to inject advertisements.